In 4.1, you can go to a user's account, IT Admin > Set Password and Lock Handheld and use that to force that password down to a user's hanhdheld. Does anyone know if that password is stored anywhere on the BES or in the SQL db, or is it strictly on the handheld?

Also, is the following scenario possible: when a user resets their AD password, we have an extranal password mgmt app that resets the user's pw in a few other applications. If the third party app could do it, would it be possible to have it issue a BESUserAdminClient -set_password command using the newly set AD password?

Also, is the following scenario possible: when a user resets their AD password, we have an extranal password mgmt app that resets the user's pw in a few other applications. If the third party app could do it, would it be possible to have it issue a BESUserAdminClient -set_password command using the newly set AD password?

That is ingenious. Yeah that should work as long as you let your users know about it but they will be able to change the password to something else if they wish.

I think there is a policy setting that will let you restrict a user from resetting their device password (I could be wrong--looking for it now). If we could set that, then user's are stuck using the password that is pushed to the device.